Tweet
Hallo,
Graag wil ik iemand vragen om mij te helpen. Op de nieuwe pc van mn broertje krijgen we allemaal rare reclame tabs te zien zodra hij de browser opent. Ik zie dan tabs van MacAfee en andere reclame beoordelingssite's.
Graag willen wij hiervan af. Kan iemand ons helpen?
Ook doet het snel zoeken zoekveld van google het niet bij firefox. Heeft dit eveneens te maken met een virus?
Bovendien gaat de pc vaak zomaar dicht en dan krijgen we een blauwe scherm te zien van oeps er is iets misgegaan.....
Alvast bedankt!
Nero
MBAM logje:
Malwarebytes Anti-Malware
Scan Date: 13-12-2014
Scan Time: 16:24:51
Logfile: FILEEE.txt
Administrator: No
Version: 2.00.4.1028
Malware Database: v2014.12.13.04
Rootkit Database: v2014.12.08.03
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Mensur & Adna
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 418046
Time Elapsed: 32 min, 3 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
AdwCleaner:
# AdwCleaner v4.105 - Rapport aangemaakt 13/12/2014 op 19:15:38
# Laatste Update 08/12/2014 door Xplode
# Database : 2014-12-13.4 [Live]
# Besturingssysteem : Windows 8.1 (64 bits)
# Gebruikersnaam : E - MBELMA
# Gestart vanuit : C:\Users\Mensur & Adna\Downloads\adwcleaner_4.105.exe
# Optie : Verwijderen
***** [ Services ] *****
Service Verwijderd : vToolbarUpdater18.1.9
***** [ Bestanden / Mappen ] *****
Map Verwijderd : C:\ProgramData\AVG SafeGuard toolbar
Map Verwijderd : C:\ProgramData\AVG Secure Search
Map Verwijderd : C:\Program Files (x86)\AVG SafeGuard toolbar
Map Verwijderd : C:\Program Files (x86)\Common Files\AVG Secure Search
Map Verwijderd : C:\Program Files\AVG SafeGuard toolbar
Map Verwijderd : C:\UsErs\E\AppData\LocalLow\AVG SafeGuard toolbar
Bestand Verwijderd : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
***** [ Taken ] *****
***** [ Snelkoppelingen ] *****
***** [ Register ] *****
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\S
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Sleutel Verwijderd : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Waarde Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Sleutel Verwijderd : HKCU\Software\AVG SafeGuard toolbar
Sleutel Verwijderd : HKLM\SOFTWARE\AVG SafeGuard toolbar
Sleutel Verwijderd : HKLM\SOFTWARE\AVG Security Toolbar
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17126
-\\ Mozilla Firefox v33.1 (x86 nl)
*************************
AdwCleaner[R0].txt - [4979 octets] - [13/12/2014 19:14:01]
AdwCleaner[S0].txt - [4907 octets] - [13/12/2014 19:15:38]
########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [4967 octets] ##########
E-Peek:
E-Peek v 1.9.9.0 © Emphyrio/Onsia Patrick 2013-2014
E Dev
Run at za 13 dec 2014 19:27
.
Windows 8.1 (64 bits)
C:\windows [NTFS - Fixed]
Default Browser: Internet Explorer
Boot mode: Normal boot
User logged in: E
.
Java x86: n/a
Java x64: n/a
.
AV : Windows Defender [Updated - Not Running]
AV : avast! Antivirus [Updated - Not Running]
AS : Windows Defender [Updated - Not Running]
AS : avast! Antivirus [Updated - Not Running]
FW : FW : avast! Antivirus [Updated - Not Running]
.
==================== Files and Folders history =================================
Folders Created Last 7 days :
13-12-2014 ##### r-h-s-d+a- C:\Users\E\AppData\Roaming\E Dev
13-12-2014 ##### r-h-s-d+a- C:\Program Files (x86)\Microsoft Synchronization Services
13-12-2014 ##### r-h-s-d+a- C:\Program Files (x86)\E Dev
13-12-2014 ##### r-h-s-d+a- C:\AdwCleaner
Files Modified Last 7 days :
13-12-2014 03409780 r-h-s-d-a+ C:\windows\system32\PerfStringBackup.INI
13-12-2014 00806500 r-h-s-d-a+ C:\windows\system32\perfh013.dat
13-12-2014 00789596 r-h-s-d-a+ C:\windows\system32\prfh0816.dat
13-12-2014 00723316 r-h-s-d-a+ C:\windows\system32\perfh009.dat
13-12-2014 00542632 r-h-s-d-a+ C:\windows\system32\perfh008.dat
13-12-2014 00164166 r-h-s-d-a+ C:\windows\system32\prfc0816.dat
13-12-2014 00162500 r-h-s-d-a+ C:\windows\system32\perfc013.dat
13-12-2014 00135930 r-h-s-d-a+ C:\windows\system32\perfc009.dat
13-12-2014 00089196 r-h-s-d-a+ C:\windows\system32\perfc008.dat
13-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-13-18-17-15.076-AvastVBoxSVC.exe-2924.log
13-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-13-15-17-37.080-AvastVBoxSVC.exe-3284.log
11-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-11-18-31-52.037-AvastVBoxSVC.exe-3296.log
10-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-10-20-55-54.070-AvastVBoxSVC.exe-3320.log
10-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-10-18-34-52.056-AvastVBoxSVC.exe-2772.log
09-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-09-19-12-22.098-AvastVBoxSVC.exe-3088.log
09-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-09-18-23-59.056-AvastVBoxSVC.exe-3148.log
08-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-08-19-08-02.017-AvastVBoxSVC.exe-3288.log
08-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-08-18-08-03.041-AvastVBoxSVC.exe-3228.log
08-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-08-15-40-42.079-AvastVBoxSVC.exe-3480.log
07-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-07-18-47-58.085-AvastVBoxSVC.exe-3332.log
07-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-07-18-16-46.051-AvastVBoxSVC.exe-3288.log
07-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-07-15-01-15.053-AvastVBoxSVC.exe-3308.log
07-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-07-14-58-37.056-AvastVBoxSVC.exe-4952.log
07-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-07-12-14-52.064-AvastVBoxSVC.exe-3264.log
06-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-06-21-05-50.000-AvastVBoxSVC.exe-3360.log
Files Created Last 7 days :
13-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-13-18-17-15.076-AvastVBoxSVC.exe-2924.log
13-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-13-15-17-37.080-AvastVBoxSVC.exe-3284.log
11-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-11-18-31-52.037-AvastVBoxSVC.exe-3296.log
10-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-10-20-55-54.070-AvastVBoxSVC.exe-3320.log
10-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-10-18-34-52.056-AvastVBoxSVC.exe-2772.log
09-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-09-19-12-22.098-AvastVBoxSVC.exe-3088.log
09-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-09-18-23-59.056-AvastVBoxSVC.exe-3148.log
08-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-08-19-08-02.017-AvastVBoxSVC.exe-3288.log
08-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-08-18-08-03.041-AvastVBoxSVC.exe-3228.log
08-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-08-15-40-42.079-AvastVBoxSVC.exe-3480.log
07-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-07-18-47-58.085-AvastVBoxSVC.exe-3332.log
07-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-07-18-16-46.051-AvastVBoxSVC.exe-3288.log
07-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-07-15-01-15.053-AvastVBoxSVC.exe-3308.log
07-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-07-14-58-37.056-AvastVBoxSVC.exe-4952.log
07-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-07-12-14-52.064-AvastVBoxSVC.exe-3264.log
06-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-06-21-05-50.000-AvastVBoxSVC.exe-3360.log
==================== RUNNING PROCESSES =========================================
[afwServ] -SYSTEM- C:\Program Files\AVAST Software\Avast\afwServ.exe - (AVAST Software)
[audiodg] -LOCAL SERVICE- C:\Windows\System32\audiodg.exe - (audiodg.exe)
[AvastSvc] -SYSTEM- C:\Program Files\AVAST Software\Avast\AvastSvc.exe - (AVAST Software)
[avastui] -Mensur & Adna- C:\Program Files\AVAST Software\Avast\avastui.exe - (AVAST Software)
[AvastVBoxSVC] -SYSTEM- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe - (Avast Software)
[CLMLSvc_P2G8] -Mensur & Adna- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe - (CyberLink)
[csrss] -SYSTEM- C:\Windows\System32\csrss.exe - (csrss.exe)
[csrss] -SYSTEM- C:\Windows\System32\csrss.exe - (csrss.exe)
[dllhost] -SYSTEM- C:\windows\system32\DllHost.exe - (Microsoft Corporation)
[dwm] -DWM-1- C:\windows\system32\dwm.exe - (Microsoft Corporation)
[E-Peek 1.9.9.0] -E- C:\Program Files (x86)\E Dev\E-Peek\E-Peek 1.9.9.0.exe - (E Dev)
[explorer] -Mensur & Adna- C:\windows\Explorer.EXE - (Microsoft Corporation)
[HeciServer] -SYSTEM- C:\Program Files\Intel\iCLS Client\HeciServer.exe - (Intel(R) Corporation)
[IAStorDataMgrSvc] -SYSTEM- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe - (Intel Corporation)
[IAStorIcon] -Mensur & Adna- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe - (Intel Corporation)
[IntelMeFWService] -SYSTEM- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe - (Intel Corporation)
[jhi_service] -SYSTEM- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe - (Intel Corporation)
[livecomm] -Mensur & Adna- C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.ex e - (Microsoft Corporation)
[LMS] -SYSTEM- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe - (Intel Corporation)
[lsass] -SYSTEM- C:\windows\system32\lsass.exe - (Microsoft Corporation)
[mbamscheduler] -SYSTEM- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe - (Malwarebytes Corporation)
[msiexec] -SYSTEM- C:\windows\system32\msiexec.exe - (Microsoft Corporation)
[ngservice] -SYSTEM- C:\Program Files\AVAST Software\Avast\ng\ngservice.exe - (AVAST Software)
[NvBackend] -Mensur & Adna- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe - (NVIDIA Corporation)
[nvtray] -Mensur & Adna- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe - (NVIDIA Corporation)
[nvvsvc] -SYSTEM- C:\windows\system32\nvvsvc.exe - (NVIDIA Corporation)
[nvvsvc] -SYSTEM- C:\Windows\system32\nvvsvc.exe - (NVIDIA Corporation)
[nvxdsync] -SYSTEM- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe - (NVIDIA Corporation)
[PDVD12Serv] -Mensur & Adna- C:\Program Files (x86)\CyberLink\PowerDVD12\PDVD12Serv.exe - (CyberLink Corp.)
[RAVCpl64] -Mensur & Adna- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe - (Realtek Semiconductor)
[RichVideo64] -SYSTEM- C:\Program Files\CyberLink\Shared files\RichVideo64.exe - ()
[RuntimeBroker] -Mensur & Adna- C:\Windows\System32\RuntimeBroker.exe - (Microsoft Corporation)
[SearchFilterHost] -SYSTEM- C:\windows\system32\SearchFilterHost.exe - (Microsoft Corporation)
[SearchIndexer] -SYSTEM- C:\windows\system32\SearchIndexer.exe - (Microsoft Corporation)
[SearchProtocolHost] -SYSTEM- C:\windows\system32\SearchProtocolHost.exe - (Microsoft Corporation)
[services] -SYSTEM- C:\Windows\System32\services.exe - (services.exe)
[smss] -SYSTEM- C:\Windows\System32\smss.exe - (smss.exe)
[spoolsv] -SYSTEM- C:\windows\System32\spoolsv.exe - (Microsoft Corporation)
[System] -N/A- - (System)
[taskhostex] -Mensur & Adna- C:\windows\system32\taskhostex.exe - (Microsoft Corporation)
[TiWorker] -SYSTEM- C:\windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17129_none_fa6387b99b0c7738\TiWorker.exe - (Microsoft Corporation)
[TrustedInstaller] -SYSTEM- C:\windows\servicing\TrustedInstaller.exe - (Microsoft Corporation)
[unsecapp] -Mensur & Adna- C:\windows\system32\wbem\unsecapp.exe - (Microsoft Corporation)
[VSSVC] -SYSTEM- C:\windows\system32\vssvc.exe - (Microsoft Corporation)
[wininit] -SYSTEM- C:\windows\system32\wininit.exe - (Microsoft Corporation)
[winlogon] -SYSTEM- C:\windows\system32\winlogon.exe - (Microsoft Corporation)
[WmiPrvSE] -NETWORK SERVICE- C:\windows\system32\wbem\wmiprvse.exe - (Microsoft Corporation)
[WmiPrvSE] -SYSTEM- C:\windows\system32\wbem\wmiprvse.exe - (Microsoft Corporation)
[WpcMon] -Mensur & Adna- C:\windows\system32\WpcMon.exe - (Microsoft Corporation)
==================== IE PAGES ==================================================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main
Start Page = hxxp://www.msn.com/?pc=AV01
Local Page = C:\Windows\SysWOW64\blank.htm
Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes
DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
DisplayName = @ieframe.dll,-12512
URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}
DisplayName = Microsoft (Bing)
URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
==================== IE PAGES x64 ==============================================
HKLM\Software\Microsoft\Internet Explorer\Main
Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
Local Page = C:\Windows\System32\blank.htm
Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\SearchScopes
DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
DisplayName = @ieframe.dll,-12512
URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
==================== Auto Load =================================================
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = userinit.exe
Shell = explorer.exe
==================== Auto Load x64 =============================================
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = C:\Windows\system32\userinit.exe,
Shell = explorer.exe
==================== Firefox ===================================================
FF - ProfilePath - C:\Users\E\AppData\Roaming\Mozilla\firefox\Profiles\1thnbs72.default
FF - Ext: [Default 32.0.3 ] - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} visible: True active: True
FF - Ext: [Adblock Plus 2.6.4 ] - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} visible: True active: True
FF - Ext: [McAfee SiteAdvisor 3.6.6 ] - extension - {4ED1F68A-5463-4931-9384-8FFF5ED91D92} visible: True active: False
FF - PlugIn: [Adobe® Flash® Player 15.0.0.189 Plugin] - C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll
==================== Windows Host File =========================================
==================== BHO =======================================================
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
HKCR\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} Default = avast! Online Security
=> HKCR\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\InProcServer32 Default = C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
==================== BHO x64 ===================================================
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
HKCR\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} Default = avast! Online Security
=> HKCR\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\InProcServer32 Default = C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
==================== Auto Start Programs =======================================
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
AvastUI.exe = "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
CLMLServer_For_P2G8 = "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
CLVirtualDrive = "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
PowerDVD12Agent = "C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe"
HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
Report = \AdwCleaner\AdwCleaner[S0].txt
==================== Auto Start Programs x64 ===================================
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
IAStorIcon = "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
NvBackend = "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
RTHDVCPL = "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*WerKernelReporting = C:\windows\SYSTEM32\WerFault.exe -k -rq
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved [2 = enabled 3= disabled]
IAStorIcon = 2
NvBackend = 4
RTHDVCPL = 4
CLMLServer_For_P2G8 = 6
CLVirtualDrive = 6
mcpltui_exe = 2
PowerDVD12Agent = 6
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
Report = \AdwCleaner\AdwCleaner[S0].txt
==================== Extra Items IE ============================================
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\BROWSE @ Text = Browsing
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO @ Text = Security
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\HTTP @ Text = HTTP settings
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL @ Text = International
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA @ Text = Multimedia
==================== Extra Items IE x64 ========================================
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\BROWSE @ Text = Browsing
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO @ Text = Security
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\HTTP @ Text = HTTP settings
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL @ Text = International
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA @ Text = Multimedia
==================== Internet Default Prefix ===================================
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
Default = http://
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes
WWW = http://
==================== Internet Default Prefix x64 ===============================
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
Default = http://
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes
WWW = http://
==================== Protocol Hijackers ========================================
HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Handler\wlpg
CLSID = {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}
=> SOFTWARE\Classes\\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}\InProcServer32 @ Default = Unknown # C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll # MD5 [4cf29c44e072c377b6866c399947e99a]
==================== ShellServiceObjectDelayLoad ===============================
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
=> HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [CLSID not present]
==================== ShellServiceObjectDelayLoad x64 =========================
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
=> HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [CLSID not present]
==================== Extra (Torpig/ConduitSearch) ==============================
HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ Default = {217FC9C0-3AEA-1069-A2DB-08002B30309D}
=> HKCR\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\InProcServer32 @ Default = C:\windows\system32\shell32.dll
HKCR\Directory\shellex\CopyHookHandlers\Sharing @ Default = {40dd6e20-7c17-11ce-a804-00aa003ca9f6}
=> HKCR\CLSID\{40dd6e20-7c17-11ce-a804-00aa003ca9f6}\InProcServer32 @ Default = C:\windows\system32\ntshrui.dll
==================== DRIVERS and SERVICES ======================================
*** Win32OwnProcess ***
SERV - R2 - [IAStorDataMgrSvc] - Intel(R) Rapid Storage Technology - c:\program files\intel\intel(r) rapid storage technology\iastordatamgrsvc.exe
SERV - R2 - [Intel(R) Capability Licensing Service Interface] - Intel(R) Capability Licensing Service Interface - c:\program files\intel\icls client\heciserver.exe
SERV - R2 - [Intel(R) ME Service] - Intel(R) ME Service - c:\program files (x86)\intel\intel(r) management engine components\fwservice\intelmefwservice.exe
SERV - R2 - [jhi_service] - Intel(R) Dynamic Application Loader Host Interface Service - c:\program files (x86)\intel\intel(r) management engine components\dal\jhi_service.exe
SERV - R2 - [LMS] - Intel(R) Management and Security Application Local Management Service - c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe
SERV - R2 - [MBAMScheduler] - MBAMScheduler - c:\program files (x86)\malwarebytes anti-malware\mbamscheduler.exe
SERV - R2 - [nvsvc] - NVIDIA Display Driver Service - c:\windows\system32\nvvsvc.exe
SERV - R2 - [RichVideo64] - Cyberlink RichVideo64 Service(CRVS) - c:\program files\cyberlink\shared files\richvideo64.exe
SERV - R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
SERV - R3 - [AvastVBoxSvc] - AvastVBox COM Service - c:\program files\avast software\avast\ng\vbox\avastvboxsvc.exe
SERV - R3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
SERV - R3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
SERV - R3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
SERV - S2 - [MBAMService] - MBAMService - c:\program files (x86)\malwarebytes anti-malware\mbamservice.exe
SERV - S2 - [McAfee SiteAdvisor Service] - McAfee SiteAdvisor Service - c:\progra~2\mcafee\sitead~1\mcsacore.exe [x]
SERV - S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
SERV - S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
SERV - S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
SERV - S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
SERV - S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
SERV - S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
SERV - S3 - [Intel(R) Capability Licensing Service TCP IP Interface] - Intel(R) Capability Licensing Service TCP IP Interface - c:\program files\intel\icls client\socketheciserver.exe
SERV - S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
SERV - S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
SERV - S3 - [odserv] - Microsoft Office Diagnostics Service - c:\program files (x86)\common files\microsoft shared\office12\odserv.exe
SERV - S3 - [ose] - Office Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
SERV - S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
SERV - S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
SERV - S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
SERV - S3 - [Steam Client Service] - Steam Client Service - c:\program files (x86)\common files\steam\steamservice.exe
SERV - S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
SERV - S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
SERV - S3 - [WdNisSvc] - Windows Defender Network Inspection Service - c:\program files\windows defender\nissrv.exe
SERV - S3 - [WinDefend] - Windows Defender Service - c:\program files\windows defender\msmpeng.exe
SERV - S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
SERV - S3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
*** Win32ShareProcess ***
SERV - R2 - [avast! Antivirus] - avast! Antivirus - c:\program files\avast software\avast\avastsvc.exe
SERV - R2 - [avast! Firewall] - avast! Firewall - c:\program files\avast software\avast\afwserv.exe
SERV - R2 - [SamSs] - Security Accounts Manager - c:\windows\system32\lsass.exe
SERV - S3 - [EFS] - Encrypting File System (EFS) - c:\windows\system32\lsass.exe
SERV - S3 - [KeyIso] - CNG Key Isolation - c:\windows\system32\lsass.exe
SERV - S3 - [Netlogon] - Netlogon - c:\windows\system32\lsass.exe
SERV - S3 - [VaultSvc] - Credential Manager - c:\windows\system32\lsass.exe
SERV - S4 - [NetTcpPortSharing] - Net.Tcp Port Sharing Service - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
*** Others ***
SERV - R2 - [Spooler] - Print Spooler - c:\windows\system32\spoolsv.exe
SERV - S3 - [UI0Detect] - Interactive Services Detection - c:\windows\system32\ui0detect.exe
*** File System Driver ***
DRV - R0 - [FileInfo] - File Information FS MiniFilter - C:\windows\system32\Drivers\FileInfo.sys
DRV - R0 - [FltMgr] - FltMgr - C:\windows\system32\Drivers\FltMgr.sys
DRV - R0 - [Mup] - Mup - C:\windows\system32\Drivers\Mup.sys
DRV - R0 - [Wof] - Windows Overlay File System Filter Driver - C:\windows\system32\Drivers\Wof.sys
DRV - R1 - [NetBIOS] - NetBIOS Interface - C:\windows\system32\Drivers\NetBIOS.sys
DRV - R2 - [srv] - Server SMB 1.xxx Driver - C:\windows\system32\Drivers\srv.sys
DRV - R3 - [srv2] - Server SMB 2.xxx Driver - C:\windows\system32\Drivers\srv2.sys
*** Kernel Driver ***
DRV - R0 - [ACPI] - Microsoft ACPI-stuurprogramma - C:\windows\system32\Drivers\ACPI.sys
DRV - R0 - [acpiex] - Microsoft ACPIEx Driver - C:\windows\system32\Drivers\acpiex.sys
DRV - R0 - [aswNdisFlt] - Avast! Firewall Driver - C:\windows\system32\Drivers\aswNdisFlt.sys
DRV - R0 - [aswRvrt] - avast! Revert - C:\windows\system32\Drivers\aswRvrt.sys
DRV - R0 - [aswVmm] - avast! VM Monitor - C:\windows\system32\Drivers\aswVmm.sys
DRV - R0 - [CLFS] - Common Log (CLFS) - C:\windows\system32\Drivers\CLFS.sys
DRV - R0 - [CNG] - CNG - C:\windows\system32\Drivers\CNG.sys
DRV - R0 - [disk] - Stuurprogramma voor schijfstations - C:\windows\system32\Drivers\disk.sys
DRV - R0 - [fvevol] - BitLocker Drive Encryption Filter Driver - C:\windows\system32\Drivers\fvevol.sys
DRV - R0 - [iaStorA] - iaStorA - C:\windows\system32\Drivers\iaStorA.sys
DRV - R0 - [intelpep] - Stuurprogramma voor Intel(R) Power Engine-invoegtoepassing - C:\windows\system32\Drivers\intelpep.sys
DRV - R0 - [KSecDD] - KSecDD - C:\windows\system32\Drivers\KSecDD.sys
DRV - R0 - [KSecPkg] - KSecPkg - C:\windows\system32\Drivers\KSecPkg.sys
DRV - R0 - [mountmgr] - Mount Point Manager - C:\windows\system32\Drivers\mountmgr.sys
DRV - R0 - [msisadrv] - msisadrv - C:\windows\system32\Drivers\msisadrv.sys
DRV - R0 - [NDIS] - NDIS System Driver - C:\windows\system32\Drivers\NDIS.sys
DRV - R0 - [partmgr] - Partition Manager - C:\windows\system32\Drivers\partmgr.sys
DRV - R0 - [pci] - PCI Bus-stuurprogramma - C:\windows\system32\Drivers\pci.sys
DRV - R0 - [pcw] - Performance Counters for Windows Driver - C:\windows\system32\Drivers\pcw.sys
DRV - R0 - [pdc] - pdc - C:\windows\system32\Drivers\pdc.sys
DRV - R0 - [rdyboost] - ReadyBoost - C:\windows\system32\Drivers\rdyboost.sys
DRV - R0 - [spaceport] - Stuurprogramma voor opslagruimten - C:\windows\system32\Drivers\spaceport.sys
DRV - R0 - [Tcpip] - Stuurprogramma voor TCP/IP-protocol - C:\windows\system32\Drivers\Tcpip.sys
DRV - R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator - C:\windows\system32\Drivers\vdrvroot.sys
DRV - R0 - [volmgr] - Stuurprogramma voor Volumebeheer - C:\windows\system32\Drivers\volmgr.sys
DRV - R0 - [volmgrx] - Dynamic Volume Manager - C:\windows\system32\Drivers\volmgrx.sys
DRV - R0 - [volsnap] - Opslagvolumes - C:\windows\system32\Drivers\volsnap.sys
DRV - R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\windows\system32\Drivers\Wdf01000.sys
DRV - R0 - [WFPLWFS] - Microsoft Windows Filtering Platform - C:\windows\system32\Drivers\WFPLWFS.sys
DRV - R1 - [AFD] - Ancillary Function Driver for Winsock - C:\windows\system32\Drivers\AFD.sys
DRV - R1 - [Beep] - Beep - C:\windows\system32\Drivers\Beep.sys
DRV - R1 - [tdx] - Stuurprogramma voor ondersteuning van NetIO Legacy TDI - C:\windows\system32\Drivers\tdx.sys
DRV - R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\windows\system32\Drivers\tcpipreg.sys
DRV - S0 - [EhStorClass] - Enhanced Storage Filter Driver - C:\windows\system32\Drivers\EhStorClass.sys
DRV - S0 - [hwpolicy] - Hardware Policy Driver - C:\windows\system32\Drivers\hwpolicy.sys
DRV - S3 - [atapi] - IDE-kanaal - C:\windows\system32\Drivers\atapi.sys
==================== SvcHost - White Listed ====================================
WOW x64 - All Ok
==================== SvcHost x64 - White Listed ================================
All Ok
==================== SigCheck x86 Fast =========================================
Fast Scan All ok
==================== SigCheck x64 Fast =========================================
Fast Scan All ok
==================== Job tasks at C:\windows\Tasks =============================
C:\windows\Tasks\SA.DAT 6 bytes [ 22-8-2013 16:45:54 ]
==================== Job tasks at C:\windows\system32\Tasks ====================
C:\windows\system32\Tasks\avast! Emergency Update 4182 bytes [ 7-11-2014 20:59:11 ]
=> C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
C:\windows\system32\Tasks\CCleanerSkipUAC 2764 bytes [ 3-10-2014 13:07:50 ]
=> "C:\Program Files\CCleaner\CCleaner.exe"
C:\windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1337954666-3365246503-3812227508-500 3596 bytes [ 14-5-2014 22:22:45 ]
C:\windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1411370016-1684140959-2541974615-500 3596 bytes [ 2-7-2014 16:12:34 ]
C:\windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1417907593-4224570124-2239603024-1001 3600 bytes [ 3-10-2014 13:00:30 ]
C:\windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1417907593-4224570124-2239603024-1003 3600 bytes [ 3-10-2014 21:32:04 ]
C:\windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1417907593-4224570124-2239603024-500 2324 bytes [ 11-9-2014 15:42:11 ]
C:\windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1699871604-3919882110-914227205-500 3594 bytes [ 13-5-2014 19:51:24 ]
C:\windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1746239437-736636652-4112185482-500 3594 bytes [ 28-4-2014 13:31:18 ]
C:\windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2459828839-2522776815-3392737513-500 3596 bytes [ 28-4-2014 15:39:51 ]
C:\windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2758317423-3897502023-3626412327-500 3596 bytes [ 30-4-2014 08:09:42 ]
C:\windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3180656211-639042760-2496406545-500 3594 bytes [ 24-4-2014 17:45:01 ]
C:\windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3704421973-2314356633-1384728311-500 3596 bytes [ 28-4-2014 11:14:40 ]
C:\windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-941730790-3843577710-2423437562-500 3594 bytes [ 2-7-2014 11:42:08 ]
C:\windows\system32\Tasks\PDVDServ12 Task 3062 bytes [ 2-7-2014 13:57:40 ]
=> C:\Program Files (x86)\CyberLink\PowerDVD12\PDVD12Serv.exe
==================== Job tasks at C:\windows\SysWOW64\Tasks ====================
There are no .job files found.
==================== End scanning at za 13 dec 2014 19:27 (0 Min 10 Sec ) ======
Graag wil ik iemand vragen om mij te helpen. Op de nieuwe pc van mn broertje krijgen we allemaal rare reclame tabs te zien zodra hij de browser opent. Ik zie dan tabs van MacAfee en andere reclame beoordelingssite's.
Graag willen wij hiervan af. Kan iemand ons helpen?
Ook doet het snel zoeken zoekveld van google het niet bij firefox. Heeft dit eveneens te maken met een virus?
Bovendien gaat de pc vaak zomaar dicht en dan krijgen we een blauwe scherm te zien van oeps er is iets misgegaan.....
Alvast bedankt!
Nero
MBAM logje:
Malwarebytes Anti-Malware
Scan Date: 13-12-2014
Scan Time: 16:24:51
Logfile: FILEEE.txt
Administrator: No
Version: 2.00.4.1028
Malware Database: v2014.12.13.04
Rootkit Database: v2014.12.08.03
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Mensur & Adna
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 418046
Time Elapsed: 32 min, 3 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
AdwCleaner:
# AdwCleaner v4.105 - Rapport aangemaakt 13/12/2014 op 19:15:38
# Laatste Update 08/12/2014 door Xplode
# Database : 2014-12-13.4 [Live]
# Besturingssysteem : Windows 8.1 (64 bits)
# Gebruikersnaam : E - MBELMA
# Gestart vanuit : C:\Users\Mensur & Adna\Downloads\adwcleaner_4.105.exe
# Optie : Verwijderen
***** [ Services ] *****
Service Verwijderd : vToolbarUpdater18.1.9
***** [ Bestanden / Mappen ] *****
Map Verwijderd : C:\ProgramData\AVG SafeGuard toolbar
Map Verwijderd : C:\ProgramData\AVG Secure Search
Map Verwijderd : C:\Program Files (x86)\AVG SafeGuard toolbar
Map Verwijderd : C:\Program Files (x86)\Common Files\AVG Secure Search
Map Verwijderd : C:\Program Files\AVG SafeGuard toolbar
Map Verwijderd : C:\UsErs\E\AppData\LocalLow\AVG SafeGuard toolbar
Bestand Verwijderd : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
***** [ Taken ] *****
***** [ Snelkoppelingen ] *****
***** [ Register ] *****
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\S
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Sleutel Verwijderd : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Waarde Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Sleutel Verwijderd : HKCU\Software\AVG SafeGuard toolbar
Sleutel Verwijderd : HKLM\SOFTWARE\AVG SafeGuard toolbar
Sleutel Verwijderd : HKLM\SOFTWARE\AVG Security Toolbar
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17126
-\\ Mozilla Firefox v33.1 (x86 nl)
*************************
AdwCleaner[R0].txt - [4979 octets] - [13/12/2014 19:14:01]
AdwCleaner[S0].txt - [4907 octets] - [13/12/2014 19:15:38]
########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [4967 octets] ##########
E-Peek:
E-Peek v 1.9.9.0 © Emphyrio/Onsia Patrick 2013-2014
E Dev
Run at za 13 dec 2014 19:27
.
Windows 8.1 (64 bits)
C:\windows [NTFS - Fixed]
Default Browser: Internet Explorer
Boot mode: Normal boot
User logged in: E
.
Java x86: n/a
Java x64: n/a
.
AV : Windows Defender [Updated - Not Running]
AV : avast! Antivirus [Updated - Not Running]
AS : Windows Defender [Updated - Not Running]
AS : avast! Antivirus [Updated - Not Running]
FW : FW : avast! Antivirus [Updated - Not Running]
.
==================== Files and Folders history =================================
Folders Created Last 7 days :
13-12-2014 ##### r-h-s-d+a- C:\Users\E\AppData\Roaming\E Dev
13-12-2014 ##### r-h-s-d+a- C:\Program Files (x86)\Microsoft Synchronization Services
13-12-2014 ##### r-h-s-d+a- C:\Program Files (x86)\E Dev
13-12-2014 ##### r-h-s-d+a- C:\AdwCleaner
Files Modified Last 7 days :
13-12-2014 03409780 r-h-s-d-a+ C:\windows\system32\PerfStringBackup.INI
13-12-2014 00806500 r-h-s-d-a+ C:\windows\system32\perfh013.dat
13-12-2014 00789596 r-h-s-d-a+ C:\windows\system32\prfh0816.dat
13-12-2014 00723316 r-h-s-d-a+ C:\windows\system32\perfh009.dat
13-12-2014 00542632 r-h-s-d-a+ C:\windows\system32\perfh008.dat
13-12-2014 00164166 r-h-s-d-a+ C:\windows\system32\prfc0816.dat
13-12-2014 00162500 r-h-s-d-a+ C:\windows\system32\perfc013.dat
13-12-2014 00135930 r-h-s-d-a+ C:\windows\system32\perfc009.dat
13-12-2014 00089196 r-h-s-d-a+ C:\windows\system32\perfc008.dat
13-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-13-18-17-15.076-AvastVBoxSVC.exe-2924.log
13-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-13-15-17-37.080-AvastVBoxSVC.exe-3284.log
11-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-11-18-31-52.037-AvastVBoxSVC.exe-3296.log
10-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-10-20-55-54.070-AvastVBoxSVC.exe-3320.log
10-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-10-18-34-52.056-AvastVBoxSVC.exe-2772.log
09-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-09-19-12-22.098-AvastVBoxSVC.exe-3088.log
09-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-09-18-23-59.056-AvastVBoxSVC.exe-3148.log
08-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-08-19-08-02.017-AvastVBoxSVC.exe-3288.log
08-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-08-18-08-03.041-AvastVBoxSVC.exe-3228.log
08-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-08-15-40-42.079-AvastVBoxSVC.exe-3480.log
07-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-07-18-47-58.085-AvastVBoxSVC.exe-3332.log
07-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-07-18-16-46.051-AvastVBoxSVC.exe-3288.log
07-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-07-15-01-15.053-AvastVBoxSVC.exe-3308.log
07-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-07-14-58-37.056-AvastVBoxSVC.exe-4952.log
07-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-07-12-14-52.064-AvastVBoxSVC.exe-3264.log
06-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-06-21-05-50.000-AvastVBoxSVC.exe-3360.log
Files Created Last 7 days :
13-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-13-18-17-15.076-AvastVBoxSVC.exe-2924.log
13-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-13-15-17-37.080-AvastVBoxSVC.exe-3284.log
11-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-11-18-31-52.037-AvastVBoxSVC.exe-3296.log
10-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-10-20-55-54.070-AvastVBoxSVC.exe-3320.log
10-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-10-18-34-52.056-AvastVBoxSVC.exe-2772.log
09-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-09-19-12-22.098-AvastVBoxSVC.exe-3088.log
09-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-09-18-23-59.056-AvastVBoxSVC.exe-3148.log
08-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-08-19-08-02.017-AvastVBoxSVC.exe-3288.log
08-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-08-18-08-03.041-AvastVBoxSVC.exe-3228.log
08-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-08-15-40-42.079-AvastVBoxSVC.exe-3480.log
07-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-07-18-47-58.085-AvastVBoxSVC.exe-3332.log
07-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-07-18-16-46.051-AvastVBoxSVC.exe-3288.log
07-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-07-15-01-15.053-AvastVBoxSVC.exe-3308.log
07-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-07-14-58-37.056-AvastVBoxSVC.exe-4952.log
07-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-07-12-14-52.064-AvastVBoxSVC.exe-3264.log
06-12-2014 00000197 r-h-s-d-a+ C:\windows\system32\2014-12-06-21-05-50.000-AvastVBoxSVC.exe-3360.log
==================== RUNNING PROCESSES =========================================
[afwServ] -SYSTEM- C:\Program Files\AVAST Software\Avast\afwServ.exe - (AVAST Software)
[audiodg] -LOCAL SERVICE- C:\Windows\System32\audiodg.exe - (audiodg.exe)
[AvastSvc] -SYSTEM- C:\Program Files\AVAST Software\Avast\AvastSvc.exe - (AVAST Software)
[avastui] -Mensur & Adna- C:\Program Files\AVAST Software\Avast\avastui.exe - (AVAST Software)
[AvastVBoxSVC] -SYSTEM- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe - (Avast Software)
[CLMLSvc_P2G8] -Mensur & Adna- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe - (CyberLink)
[csrss] -SYSTEM- C:\Windows\System32\csrss.exe - (csrss.exe)
[csrss] -SYSTEM- C:\Windows\System32\csrss.exe - (csrss.exe)
[dllhost] -SYSTEM- C:\windows\system32\DllHost.exe - (Microsoft Corporation)
[dwm] -DWM-1- C:\windows\system32\dwm.exe - (Microsoft Corporation)
[E-Peek 1.9.9.0] -E- C:\Program Files (x86)\E Dev\E-Peek\E-Peek 1.9.9.0.exe - (E Dev)
[explorer] -Mensur & Adna- C:\windows\Explorer.EXE - (Microsoft Corporation)
[HeciServer] -SYSTEM- C:\Program Files\Intel\iCLS Client\HeciServer.exe - (Intel(R) Corporation)
[IAStorDataMgrSvc] -SYSTEM- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe - (Intel Corporation)
[IAStorIcon] -Mensur & Adna- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe - (Intel Corporation)
[IntelMeFWService] -SYSTEM- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe - (Intel Corporation)
[jhi_service] -SYSTEM- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe - (Intel Corporation)
[livecomm] -Mensur & Adna- C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.ex e - (Microsoft Corporation)
[LMS] -SYSTEM- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe - (Intel Corporation)
[lsass] -SYSTEM- C:\windows\system32\lsass.exe - (Microsoft Corporation)
[mbamscheduler] -SYSTEM- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe - (Malwarebytes Corporation)
[msiexec] -SYSTEM- C:\windows\system32\msiexec.exe - (Microsoft Corporation)
[ngservice] -SYSTEM- C:\Program Files\AVAST Software\Avast\ng\ngservice.exe - (AVAST Software)
[NvBackend] -Mensur & Adna- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe - (NVIDIA Corporation)
[nvtray] -Mensur & Adna- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe - (NVIDIA Corporation)
[nvvsvc] -SYSTEM- C:\windows\system32\nvvsvc.exe - (NVIDIA Corporation)
[nvvsvc] -SYSTEM- C:\Windows\system32\nvvsvc.exe - (NVIDIA Corporation)
[nvxdsync] -SYSTEM- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe - (NVIDIA Corporation)
[PDVD12Serv] -Mensur & Adna- C:\Program Files (x86)\CyberLink\PowerDVD12\PDVD12Serv.exe - (CyberLink Corp.)
[RAVCpl64] -Mensur & Adna- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe - (Realtek Semiconductor)
[RichVideo64] -SYSTEM- C:\Program Files\CyberLink\Shared files\RichVideo64.exe - ()
[RuntimeBroker] -Mensur & Adna- C:\Windows\System32\RuntimeBroker.exe - (Microsoft Corporation)
[SearchFilterHost] -SYSTEM- C:\windows\system32\SearchFilterHost.exe - (Microsoft Corporation)
[SearchIndexer] -SYSTEM- C:\windows\system32\SearchIndexer.exe - (Microsoft Corporation)
[SearchProtocolHost] -SYSTEM- C:\windows\system32\SearchProtocolHost.exe - (Microsoft Corporation)
[services] -SYSTEM- C:\Windows\System32\services.exe - (services.exe)
[smss] -SYSTEM- C:\Windows\System32\smss.exe - (smss.exe)
[spoolsv] -SYSTEM- C:\windows\System32\spoolsv.exe - (Microsoft Corporation)
[System] -N/A- - (System)
[taskhostex] -Mensur & Adna- C:\windows\system32\taskhostex.exe - (Microsoft Corporation)
[TiWorker] -SYSTEM- C:\windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17129_none_fa6387b99b0c7738\TiWorker.exe - (Microsoft Corporation)
[TrustedInstaller] -SYSTEM- C:\windows\servicing\TrustedInstaller.exe - (Microsoft Corporation)
[unsecapp] -Mensur & Adna- C:\windows\system32\wbem\unsecapp.exe - (Microsoft Corporation)
[VSSVC] -SYSTEM- C:\windows\system32\vssvc.exe - (Microsoft Corporation)
[wininit] -SYSTEM- C:\windows\system32\wininit.exe - (Microsoft Corporation)
[winlogon] -SYSTEM- C:\windows\system32\winlogon.exe - (Microsoft Corporation)
[WmiPrvSE] -NETWORK SERVICE- C:\windows\system32\wbem\wmiprvse.exe - (Microsoft Corporation)
[WmiPrvSE] -SYSTEM- C:\windows\system32\wbem\wmiprvse.exe - (Microsoft Corporation)
[WpcMon] -Mensur & Adna- C:\windows\system32\WpcMon.exe - (Microsoft Corporation)
==================== IE PAGES ==================================================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main
Start Page = hxxp://www.msn.com/?pc=AV01
Local Page = C:\Windows\SysWOW64\blank.htm
Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes
DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
DisplayName = @ieframe.dll,-12512
URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}
DisplayName = Microsoft (Bing)
URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
==================== IE PAGES x64 ==============================================
HKLM\Software\Microsoft\Internet Explorer\Main
Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
Local Page = C:\Windows\System32\blank.htm
Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\SearchScopes
DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
DisplayName = @ieframe.dll,-12512
URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
==================== Auto Load =================================================
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = userinit.exe
Shell = explorer.exe
==================== Auto Load x64 =============================================
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = C:\Windows\system32\userinit.exe,
Shell = explorer.exe
==================== Firefox ===================================================
FF - ProfilePath - C:\Users\E\AppData\Roaming\Mozilla\firefox\Profiles\1thnbs72.default
FF - Ext: [Default 32.0.3 ] - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} visible: True active: True
FF - Ext: [Adblock Plus 2.6.4 ] - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} visible: True active: True
FF - Ext: [McAfee SiteAdvisor 3.6.6 ] - extension - {4ED1F68A-5463-4931-9384-8FFF5ED91D92} visible: True active: False
FF - PlugIn: [Adobe® Flash® Player 15.0.0.189 Plugin] - C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll
==================== Windows Host File =========================================
==================== BHO =======================================================
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
HKCR\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} Default = avast! Online Security
=> HKCR\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\InProcServer32 Default = C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
==================== BHO x64 ===================================================
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
HKCR\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} Default = avast! Online Security
=> HKCR\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\InProcServer32 Default = C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
==================== Auto Start Programs =======================================
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
AvastUI.exe = "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
CLMLServer_For_P2G8 = "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
CLVirtualDrive = "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
PowerDVD12Agent = "C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe"
HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
Report = \AdwCleaner\AdwCleaner[S0].txt
==================== Auto Start Programs x64 ===================================
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
IAStorIcon = "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
NvBackend = "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
RTHDVCPL = "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*WerKernelReporting = C:\windows\SYSTEM32\WerFault.exe -k -rq
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved [2 = enabled 3= disabled]
IAStorIcon = 2
NvBackend = 4
RTHDVCPL = 4
CLMLServer_For_P2G8 = 6
CLVirtualDrive = 6
mcpltui_exe = 2
PowerDVD12Agent = 6
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
Report = \AdwCleaner\AdwCleaner[S0].txt
==================== Extra Items IE ============================================
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\BROWSE @ Text = Browsing
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO @ Text = Security
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\HTTP @ Text = HTTP settings
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL @ Text = International
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA @ Text = Multimedia
==================== Extra Items IE x64 ========================================
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\BROWSE @ Text = Browsing
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO @ Text = Security
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\HTTP @ Text = HTTP settings
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL @ Text = International
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA @ Text = Multimedia
==================== Internet Default Prefix ===================================
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
Default = http://
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes
WWW = http://
==================== Internet Default Prefix x64 ===============================
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
Default = http://
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes
WWW = http://
==================== Protocol Hijackers ========================================
HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Handler\wlpg
CLSID = {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}
=> SOFTWARE\Classes\\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}\InProcServer32 @ Default = Unknown # C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll # MD5 [4cf29c44e072c377b6866c399947e99a]
==================== ShellServiceObjectDelayLoad ===============================
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
=> HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [CLSID not present]
==================== ShellServiceObjectDelayLoad x64 =========================
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
=> HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [CLSID not present]
==================== Extra (Torpig/ConduitSearch) ==============================
HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ Default = {217FC9C0-3AEA-1069-A2DB-08002B30309D}
=> HKCR\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\InProcServer32 @ Default = C:\windows\system32\shell32.dll
HKCR\Directory\shellex\CopyHookHandlers\Sharing @ Default = {40dd6e20-7c17-11ce-a804-00aa003ca9f6}
=> HKCR\CLSID\{40dd6e20-7c17-11ce-a804-00aa003ca9f6}\InProcServer32 @ Default = C:\windows\system32\ntshrui.dll
==================== DRIVERS and SERVICES ======================================
*** Win32OwnProcess ***
SERV - R2 - [IAStorDataMgrSvc] - Intel(R) Rapid Storage Technology - c:\program files\intel\intel(r) rapid storage technology\iastordatamgrsvc.exe
SERV - R2 - [Intel(R) Capability Licensing Service Interface] - Intel(R) Capability Licensing Service Interface - c:\program files\intel\icls client\heciserver.exe
SERV - R2 - [Intel(R) ME Service] - Intel(R) ME Service - c:\program files (x86)\intel\intel(r) management engine components\fwservice\intelmefwservice.exe
SERV - R2 - [jhi_service] - Intel(R) Dynamic Application Loader Host Interface Service - c:\program files (x86)\intel\intel(r) management engine components\dal\jhi_service.exe
SERV - R2 - [LMS] - Intel(R) Management and Security Application Local Management Service - c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe
SERV - R2 - [MBAMScheduler] - MBAMScheduler - c:\program files (x86)\malwarebytes anti-malware\mbamscheduler.exe
SERV - R2 - [nvsvc] - NVIDIA Display Driver Service - c:\windows\system32\nvvsvc.exe
SERV - R2 - [RichVideo64] - Cyberlink RichVideo64 Service(CRVS) - c:\program files\cyberlink\shared files\richvideo64.exe
SERV - R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
SERV - R3 - [AvastVBoxSvc] - AvastVBox COM Service - c:\program files\avast software\avast\ng\vbox\avastvboxsvc.exe
SERV - R3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
SERV - R3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
SERV - R3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
SERV - S2 - [MBAMService] - MBAMService - c:\program files (x86)\malwarebytes anti-malware\mbamservice.exe
SERV - S2 - [McAfee SiteAdvisor Service] - McAfee SiteAdvisor Service - c:\progra~2\mcafee\sitead~1\mcsacore.exe [x]
SERV - S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
SERV - S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
SERV - S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
SERV - S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
SERV - S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
SERV - S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
SERV - S3 - [Intel(R) Capability Licensing Service TCP IP Interface] - Intel(R) Capability Licensing Service TCP IP Interface - c:\program files\intel\icls client\socketheciserver.exe
SERV - S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
SERV - S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
SERV - S3 - [odserv] - Microsoft Office Diagnostics Service - c:\program files (x86)\common files\microsoft shared\office12\odserv.exe
SERV - S3 - [ose] - Office Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
SERV - S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
SERV - S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
SERV - S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
SERV - S3 - [Steam Client Service] - Steam Client Service - c:\program files (x86)\common files\steam\steamservice.exe
SERV - S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
SERV - S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
SERV - S3 - [WdNisSvc] - Windows Defender Network Inspection Service - c:\program files\windows defender\nissrv.exe
SERV - S3 - [WinDefend] - Windows Defender Service - c:\program files\windows defender\msmpeng.exe
SERV - S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
SERV - S3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
*** Win32ShareProcess ***
SERV - R2 - [avast! Antivirus] - avast! Antivirus - c:\program files\avast software\avast\avastsvc.exe
SERV - R2 - [avast! Firewall] - avast! Firewall - c:\program files\avast software\avast\afwserv.exe
SERV - R2 - [SamSs] - Security Accounts Manager - c:\windows\system32\lsass.exe
SERV - S3 - [EFS] - Encrypting File System (EFS) - c:\windows\system32\lsass.exe
SERV - S3 - [KeyIso] - CNG Key Isolation - c:\windows\system32\lsass.exe
SERV - S3 - [Netlogon] - Netlogon - c:\windows\system32\lsass.exe
SERV - S3 - [VaultSvc] - Credential Manager - c:\windows\system32\lsass.exe
SERV - S4 - [NetTcpPortSharing] - Net.Tcp Port Sharing Service - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
*** Others ***
SERV - R2 - [Spooler] - Print Spooler - c:\windows\system32\spoolsv.exe
SERV - S3 - [UI0Detect] - Interactive Services Detection - c:\windows\system32\ui0detect.exe
*** File System Driver ***
DRV - R0 - [FileInfo] - File Information FS MiniFilter - C:\windows\system32\Drivers\FileInfo.sys
DRV - R0 - [FltMgr] - FltMgr - C:\windows\system32\Drivers\FltMgr.sys
DRV - R0 - [Mup] - Mup - C:\windows\system32\Drivers\Mup.sys
DRV - R0 - [Wof] - Windows Overlay File System Filter Driver - C:\windows\system32\Drivers\Wof.sys
DRV - R1 - [NetBIOS] - NetBIOS Interface - C:\windows\system32\Drivers\NetBIOS.sys
DRV - R2 - [srv] - Server SMB 1.xxx Driver - C:\windows\system32\Drivers\srv.sys
DRV - R3 - [srv2] - Server SMB 2.xxx Driver - C:\windows\system32\Drivers\srv2.sys
*** Kernel Driver ***
DRV - R0 - [ACPI] - Microsoft ACPI-stuurprogramma - C:\windows\system32\Drivers\ACPI.sys
DRV - R0 - [acpiex] - Microsoft ACPIEx Driver - C:\windows\system32\Drivers\acpiex.sys
DRV - R0 - [aswNdisFlt] - Avast! Firewall Driver - C:\windows\system32\Drivers\aswNdisFlt.sys
DRV - R0 - [aswRvrt] - avast! Revert - C:\windows\system32\Drivers\aswRvrt.sys
DRV - R0 - [aswVmm] - avast! VM Monitor - C:\windows\system32\Drivers\aswVmm.sys
DRV - R0 - [CLFS] - Common Log (CLFS) - C:\windows\system32\Drivers\CLFS.sys
DRV - R0 - [CNG] - CNG - C:\windows\system32\Drivers\CNG.sys
DRV - R0 - [disk] - Stuurprogramma voor schijfstations - C:\windows\system32\Drivers\disk.sys
DRV - R0 - [fvevol] - BitLocker Drive Encryption Filter Driver - C:\windows\system32\Drivers\fvevol.sys
DRV - R0 - [iaStorA] - iaStorA - C:\windows\system32\Drivers\iaStorA.sys
DRV - R0 - [intelpep] - Stuurprogramma voor Intel(R) Power Engine-invoegtoepassing - C:\windows\system32\Drivers\intelpep.sys
DRV - R0 - [KSecDD] - KSecDD - C:\windows\system32\Drivers\KSecDD.sys
DRV - R0 - [KSecPkg] - KSecPkg - C:\windows\system32\Drivers\KSecPkg.sys
DRV - R0 - [mountmgr] - Mount Point Manager - C:\windows\system32\Drivers\mountmgr.sys
DRV - R0 - [msisadrv] - msisadrv - C:\windows\system32\Drivers\msisadrv.sys
DRV - R0 - [NDIS] - NDIS System Driver - C:\windows\system32\Drivers\NDIS.sys
DRV - R0 - [partmgr] - Partition Manager - C:\windows\system32\Drivers\partmgr.sys
DRV - R0 - [pci] - PCI Bus-stuurprogramma - C:\windows\system32\Drivers\pci.sys
DRV - R0 - [pcw] - Performance Counters for Windows Driver - C:\windows\system32\Drivers\pcw.sys
DRV - R0 - [pdc] - pdc - C:\windows\system32\Drivers\pdc.sys
DRV - R0 - [rdyboost] - ReadyBoost - C:\windows\system32\Drivers\rdyboost.sys
DRV - R0 - [spaceport] - Stuurprogramma voor opslagruimten - C:\windows\system32\Drivers\spaceport.sys
DRV - R0 - [Tcpip] - Stuurprogramma voor TCP/IP-protocol - C:\windows\system32\Drivers\Tcpip.sys
DRV - R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator - C:\windows\system32\Drivers\vdrvroot.sys
DRV - R0 - [volmgr] - Stuurprogramma voor Volumebeheer - C:\windows\system32\Drivers\volmgr.sys
DRV - R0 - [volmgrx] - Dynamic Volume Manager - C:\windows\system32\Drivers\volmgrx.sys
DRV - R0 - [volsnap] - Opslagvolumes - C:\windows\system32\Drivers\volsnap.sys
DRV - R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\windows\system32\Drivers\Wdf01000.sys
DRV - R0 - [WFPLWFS] - Microsoft Windows Filtering Platform - C:\windows\system32\Drivers\WFPLWFS.sys
DRV - R1 - [AFD] - Ancillary Function Driver for Winsock - C:\windows\system32\Drivers\AFD.sys
DRV - R1 - [Beep] - Beep - C:\windows\system32\Drivers\Beep.sys
DRV - R1 - [tdx] - Stuurprogramma voor ondersteuning van NetIO Legacy TDI - C:\windows\system32\Drivers\tdx.sys
DRV - R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\windows\system32\Drivers\tcpipreg.sys
DRV - S0 - [EhStorClass] - Enhanced Storage Filter Driver - C:\windows\system32\Drivers\EhStorClass.sys
DRV - S0 - [hwpolicy] - Hardware Policy Driver - C:\windows\system32\Drivers\hwpolicy.sys
DRV - S3 - [atapi] - IDE-kanaal - C:\windows\system32\Drivers\atapi.sys
==================== SvcHost - White Listed ====================================
WOW x64 - All Ok
==================== SvcHost x64 - White Listed ================================
All Ok
==================== SigCheck x86 Fast =========================================
Fast Scan All ok
==================== SigCheck x64 Fast =========================================
Fast Scan All ok
==================== Job tasks at C:\windows\Tasks =============================
C:\windows\Tasks\SA.DAT 6 bytes [ 22-8-2013 16:45:54 ]
==================== Job tasks at C:\windows\system32\Tasks ====================
C:\windows\system32\Tasks\avast! Emergency Update 4182 bytes [ 7-11-2014 20:59:11 ]
=> C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
C:\windows\system32\Tasks\CCleanerSkipUAC 2764 bytes [ 3-10-2014 13:07:50 ]
=> "C:\Program Files\CCleaner\CCleaner.exe"
C:\windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1337954666-3365246503-3812227508-500 3596 bytes [ 14-5-2014 22:22:45 ]
C:\windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1411370016-1684140959-2541974615-500 3596 bytes [ 2-7-2014 16:12:34 ]
C:\windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1417907593-4224570124-2239603024-1001 3600 bytes [ 3-10-2014 13:00:30 ]
C:\windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1417907593-4224570124-2239603024-1003 3600 bytes [ 3-10-2014 21:32:04 ]
C:\windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1417907593-4224570124-2239603024-500 2324 bytes [ 11-9-2014 15:42:11 ]
C:\windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1699871604-3919882110-914227205-500 3594 bytes [ 13-5-2014 19:51:24 ]
C:\windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1746239437-736636652-4112185482-500 3594 bytes [ 28-4-2014 13:31:18 ]
C:\windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2459828839-2522776815-3392737513-500 3596 bytes [ 28-4-2014 15:39:51 ]
C:\windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2758317423-3897502023-3626412327-500 3596 bytes [ 30-4-2014 08:09:42 ]
C:\windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3180656211-639042760-2496406545-500 3594 bytes [ 24-4-2014 17:45:01 ]
C:\windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3704421973-2314356633-1384728311-500 3596 bytes [ 28-4-2014 11:14:40 ]
C:\windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-941730790-3843577710-2423437562-500 3594 bytes [ 2-7-2014 11:42:08 ]
C:\windows\system32\Tasks\PDVDServ12 Task 3062 bytes [ 2-7-2014 13:57:40 ]
=> C:\Program Files (x86)\CyberLink\PowerDVD12\PDVD12Serv.exe
==================== Job tasks at C:\windows\SysWOW64\Tasks ====================
There are no .job files found.
==================== End scanning at za 13 dec 2014 19:27 (0 Min 10 Sec ) ======
Comment